Endor Labs MCP server as a Gemini Extension

Learn how to deploy and run the Endor Labs MCP as a Gemini Extension

Beta

The Endor Labs Model Context Protocol (MCP) server integrates seamlessly into your AI-native development workflows to help you keep your code secure and fix security risks faster. You can catch issues long before they’re a problem in production and fix them faster when they already are.

Endor Labs MCP server is available as a Gemini extension. After you install the extension, you can use natural language commands to interact with the MCP server. You can find the extension on GitHub.

This guide details how to integrate Endor Labs security capabilities directly into your Gemini development workflows using MCP.

Endor Labs MCP server helps your developers and AI agents in their development workflows in the following ways:

  • Provide guardrails for agents before code review: Reduce the number of known vulnerabilities entering your code and save developers time by checking AI agent suggestions in real time. Integrate security before an issue is discovered in CI or in production.
  • Improve the speed of remediating security risks: Agents use vulnerability context from Endor Labs to help implement secure changes, from writing more secure code to upgrading dependencies.

Complete the following tasks to integrate Endor Labs MCP Server into Gemini.

The Endor Labs MCP server provides the following tools:

  • check_dependency_for_vulnerabilities: Check if the dependencies in your project are vulnerable.
  • get_endor_vulnerability: Get the details of a specific vulnerability from the Endor Labs vulnerability database.
  • get_resource: Add additional context from commonly used Endor Labs resources about your software such as findings, vulnerabilities, and projects.
  • scan: Run an Endor Labs security scan to detect risks in your open source dependencies, find common security issues, and spot any credentials accidentally exposed in your Git repository.

After you set up the MCP server, you can choose to disable the tools that you do not want to use.

Run the following command to install the Endor Labs MCP server as a Gemini extension.

gemini extensions install https://github.com/endorlabs/gemini-extension.git

Run the following command in the Gemini CLI to verify the Endor Labs MCP server installation.

gemini> /mcp list

The following output appears if the Endor Labs MCP server is installed.

[Screenshot: Verify the Endor Labs MCP server Gemini installation]

After you install the Endor Labs MCP server as a Gemini extension, you must initialize the MCP server in Gemini CLI.

You can use natural language commands to initiate an authentication flow.

gemini> Initialize Endor Labs with Google authentication using the command `endorctl init --auth-mode=google`

After you initialize the MCP server, you can converse with the MCP server using natural language commands to get information about your projects, vulnerabilities, and dependencies.

The following examples show how to use the Endor Labs MCP server in Gemini CLI. Always navigate to the project directory before using the MCP server.

gemini> Scan my project for security vulnerabilities
gemini> Check dependencies for known CVEs
gemini> Generate a security report for this repository

The Endor Labs MCP server provides a context file, ENDORLABS_CONTEXT.md, located in the ~/.gemini/extensions/endorlabs/gemini-extension/ directory.

You can use the context file to add additional context to the MCP server. For example, you can add additional rules and context for your project in the context file.
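
One way to add project rules to the context file described above, as an added example that is not part of the Endor Labs documentation: the function appends a rules block once and keeps a backup of the original file. The function name `add_endor_rules`, the marker comment and the rule wording are assumptions made for illustration; the file path and tool names are the ones given on this page.

```shell
# Added example: append project guardrail rules to the Endor Labs context file.
# Path and tool names come from this page; marker and rule text are constructed.
ENDOR_CONTEXT_DEFAULT="$HOME/.gemini/extensions/endorlabs/gemini-extension/ENDORLABS_CONTEXT.md"
ENDOR_RULES_MARKER="<!-- project-security-rules (constructed example) -->"

add_endor_rules() {
  ctx="${1:-$ENDOR_CONTEXT_DEFAULT}"

  # Do not create the file: if it is missing, the extension is not installed here.
  if [ ! -f "$ctx" ]; then
    echo "context file not found: $ctx" >&2
    return 1
  fi

  # Idempotent: leave the file alone if the rules block is already present.
  if grep -qF -- "$ENDOR_RULES_MARKER" "$ctx"; then
    return 0
  fi

  # Keep the original so the change can be rolled back.
  cp -p "$ctx" "$ctx.bak" || return 1

  cat >> "$ctx" <<EOF

$ENDOR_RULES_MARKER
## Project security rules
- Before adding or upgrading any dependency, call check_dependency_for_vulnerabilities and do not propose a version it reports as vulnerable.
- When a finding names a vulnerability, call get_endor_vulnerability and use the details it returns instead of guessing them.
- After changing a dependency manifest or lock file, run scan and summarise any new findings before marking the task complete.
- Never print, commit or paste a credential that scan reports; refer to it by file path only.
EOF
}

# Usage: add_endor_rules                  (edits the default path above)
#        add_endor_rules /path/to/ENDORLABS_CONTEXT.md
```

To roll back, copy the `.bak` file over the context file.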